hats-finance / Intuition-0x538dbadc50cc87b281cd655f1edbc6ebda02a66a

The smart contracts of the Intuition protocol v1.
https://intuition.systems

Some fee setters lack upper bound checks similar to entry/exit/protocol fees #68

Open hats-bug-reporter[bot] opened 4 days ago

hats-bug-reporter[bot] commented 4 days ago

GitHub username: --
Twitter username: --
Submission hash (on-chain): 0xf7a015f3ddf4340c4b05c50a50ed383c0990d8ac664a64fdd0e0f799156cf447
Severity: low

Description:

The atomCreationProtocolFee and tripleCreationProtocolFee are charged to users during atom and triple creation. The fee setters for these fees are implemented as:

    function setAtomCreationProtocolFee(uint256 atomCreationProtocolFee) external onlyAdmin {
        atomConfig.atomCreationProtocolFee = atomCreationProtocolFee;
    }

    function setTripleCreationProtocolFee(uint256 tripleCreationProtocolFee) external onlyAdmin {
        tripleConfig.tripleCreationProtocolFee = tripleCreationProtocolFee;
    }

Neither of these functions has any upper limit/bound checks, which means the fee value can be set up to type(uint256).max.

This breaks the design inconsistency and users' trust and transparency with the Intuition protocol, as the following functions are restricted to a certain percentage of fee for entry/exit/protocol fees. The upper bound fee restrictions of these functions can be checked here

Recommendation to fix:

Consider implementing upper bound or maximum fee checks for atomCreationProtocolFee and tripleCreationProtocolFee, similar to what is done for entry/exit/protocol fees.
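
One way to apply the recommendation above, as an added Solidity example that is not code from the report or from the Intuition repository. The contract name, the two cap values, the `FeeExceedsCap` error, the `CreationFeeUpdated` event and the admin wiring are all hypothetical; only the setter names and config fields come from the snippet in the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.21;

/// Added illustration only. Caps, error, event and admin handling are assumptions.
contract BoundedCreationFees {
    struct AtomConfig { uint256 atomCreationProtocolFee; }
    struct TripleConfig { uint256 tripleCreationProtocolFee; }

    // Hypothetical ceilings, immutable so the admin cannot raise them after deployment.
    uint256 public immutable maxAtomCreationProtocolFee;
    uint256 public immutable maxTripleCreationProtocolFee;
    address public immutable admin;

    AtomConfig public atomConfig;
    TripleConfig public tripleConfig;

    error NotAdmin();
    error FeeExceedsCap(uint256 requested, uint256 cap);
    // Emitted on every change so off-chain monitoring can alert on fee updates.
    event CreationFeeUpdated(bytes32 indexed feeName, uint256 oldFee, uint256 newFee);

    modifier onlyAdmin() {
        if (msg.sender != admin) revert NotAdmin();
        _;
    }

    constructor(uint256 maxAtomFee, uint256 maxTripleFee) {
        admin = msg.sender;
        maxAtomCreationProtocolFee = maxAtomFee;
        maxTripleCreationProtocolFee = maxTripleFee;
    }

    function setAtomCreationProtocolFee(uint256 atomCreationProtocolFee) external onlyAdmin {
        // Reject anything above the fixed ceiling instead of accepting up to type(uint256).max.
        if (atomCreationProtocolFee > maxAtomCreationProtocolFee) {
            revert FeeExceedsCap(atomCreationProtocolFee, maxAtomCreationProtocolFee);
        }
        emit CreationFeeUpdated("atomCreationProtocolFee", atomConfig.atomCreationProtocolFee, atomCreationProtocolFee);
        atomConfig.atomCreationProtocolFee = atomCreationProtocolFee;
    }

    function setTripleCreationProtocolFee(uint256 tripleCreationProtocolFee) external onlyAdmin {
        if (tripleCreationProtocolFee > maxTripleCreationProtocolFee) {
            revert FeeExceedsCap(tripleCreationProtocolFee, maxTripleCreationProtocolFee);
        }
        emit CreationFeeUpdated("tripleCreationProtocolFee", tripleConfig.tripleCreationProtocolFee, tripleCreationProtocolFee);
        tripleConfig.tripleCreationProtocolFee = tripleCreationProtocolFee;
    }
}
```

A unit test for this pattern should cover the boundary: a value equal to the cap is accepted, and cap + 1 reverts with `FeeExceedsCap`.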